000fb965c51476f7e173e09cfd90cc6bb27342fa8218926747b9e1e48a30c087

Sharing

Copy URL Twitter E-mail

General

Target

000fb965c51476f7e173e09cfd90cc6bb27342fa8218926747b9e1e48a30c087
Size

2.7MB
MD5

c1adbc01500233673c865f8a7affae59
SHA1

8ac1f293e1e5e14f46bf2da6e90095bcd3837331
SHA256

000fb965c51476f7e173e09cfd90cc6bb27342fa8218926747b9e1e48a30c087
SHA512

f2878dd32abbf17fad381464a0bcaf2295544235abc12936e562f1fad7f2fb5b17b01f560bc93e5e0517dbb44997f66457dae4f1dabbf631e30efc7dfb0e179a
SSDEEP

49152:oO186BjkC+0Fyp07NeCDBRPXdg6JAMgXIU6iRb:nVVFCo9JL+R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
000fb965c51476f7e173e09cfd90cc6bb27342fa8218926747b9e1e48a30c087

Files

000fb965c51476f7e173e09cfd90cc6bb27342fa8218926747b9e1e48a30c087
.exe windows x64

094d1fc2b33c46d217aba5d65b9afaa4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetFileCompletionNotificationModes
CreateIoCompletionPort
SetConsoleMode
GetConsoleMode
SetThreadStackGuarantee
GetModuleHandleA
GetProcAddress
GetCurrentThread
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
AddVectoredExceptionHandler
GetEnvironmentVariableW
RtlLookupFunctionEntry
GetModuleHandleW
FormatMessageW
CreateFileW
GetFileInformationByHandle
TryAcquireSRWLockExclusive
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
SetConsoleTextAttribute
GetFileType
TerminateProcess
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
SetHandleInformation
WakeConditionVariable
CreateThread
SetFilePointerEx
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetConsoleCtrlHandler
RtlVirtualUnwind
GetModuleFileNameW
GetConsoleScreenBufferInfo
GetFullPathNameW
SetLastError
GetQueuedCompletionStatusEx
GetCommandLineW
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemInfo
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
MoveFileExW
SetFileInformationByHandle
DuplicateHandle
GetCurrentProcess
GetFileInformationByHandleEx
CopyFileExW
GetLastError
SetUnhandledExceptionFilter
GetCurrentThreadId
PostQueuedCompletionStatus
FindClose
CloseHandle
GetCurrentProcessId
SwitchToThread
HeapReAlloc
IsProcessorFeaturePresent
HeapFree
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetStdHandle
HeapAlloc
ReleaseMutex
GetProcessHeap

ws2_32

recv
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
WSASend
shutdown
send
WSAIoctl
accept
ioctlsocket
listen
bind
setsockopt
WSASocketW
closesocket
WSAGetLastError
getsockname

iphlpapi

GetAdaptersAddresses

ntdll

NtCancelIoFileEx
NtDeviceIoControlFile
RtlNtStatusToDosError
NtWriteFile
NtReadFile
NtCreateFile

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

vcruntime140

memmove
__current_exception
__current_exception_context
__C_specific_handler
memset
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initterm
_initterm_e
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
exit
__p___argv
terminate
_exit
__p___argc
_cexit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 742KB - Virtual size: 742KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

094d1fc2b33c46d217aba5d65b9afaa4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

iphlpapi

ntdll

bcrypt

advapi32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 742KB - Virtual size: 742KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 28KB - Virtual size: 27KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 742KB - Virtual size: 742KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 28KB - Virtual size: 27KB

.reloc
Size: 18KB - Virtual size: 17KB